
Why Tor is slow and what we're going to do about it

I've just finished writing up an explanation of all the various reasons why the Tor network is slow, and what we can do about each. Part of it comes down to design flaws; some of it is that a handful of users are overloading the network; and there's also simply not enough capacity to go around.

Specifically, we've identified six categories of problems to address, and laid out some steps to resolve each of them.

Building teams of Tor operators is a very nice idea. As a contributor to the BOINC project, I know that competition is a big motivation for running one's own node and also for finding the next members for my team. I expect that it can do huge work with a little effort in the case of the Tor project.

Just one note on "Reachable clients become relays automatically". Doing this purely automatically is a bad idea, and you wrote good reasons yourself. But you can do something with a little change to the Vidalia GUI. Currently, the relay settings are just one of the tabs in Vidalia.

Showing a message box (Run Tor relay/exit? Relay/Exit/No, thanks) with short and clever arguments for why running a Tor relay is good for the user will make a lot of effort, and without upsetting users who cannot run a relay for a serious reason.

There are plenty of good reasons to run a relay/exit. One of them is to mix my non-Tor communication with other traffic, so I'm a little bit anonymous (the traffic of my IP is not fully linkable to me) even when I don't use Tor at the moment.

I think many people don't run a Tor relay because they a) don't know why, b) don't know that it is really so simple :).

I gather when running as a relay server, there is a publicly exposed listener. Is it vulnerable to a buffer exploit? If so, what kind of protective firewalling does it need in order for the server machine to host it safely?

Not that we know of. But we do periodically find bugs that might allow things like that. That's why you should always keep up with the latest Tor versions. (Everybody should be on the or-announce list at http://archives.seul.org/or/announce/ .)

Firewalling (i.e. blocking incoming connections) isn't going to do anything. What you want is to make sure that it isn't running with privileges (how to do that depends on your OS, but most default ways to set up Tor are fine). If you want to be extra careful, you can run it in a chroot or jail or the like.

Bittorrent can run on a wide variety of ports, which would make it difficult for exit nodes to block, since exit nodes generally rely on port-based blocking.

All that can be done, so far as I know, is to better educate people about why they should not use Tor with bittorrent, and what they should do instead.

To that end:
* Tor was not designed to run with bittorrent. By using bittorrent over Tor, you are hurting the Tor network.
* Your downloads will be very slow.
* Bittorrent clients were not designed to be secure with Tor, and may leak information about you.
* If you are using Tor for censorship evasion, not anonymity, you may have better luck using a client like Azureus / Vuze which supports encryption.
* If you are using Tor for anonymity, but still for legal purposes, i2p was better designed for this sort of thing and there are several custom clients trusted to work with i2p. I2PSnark comes bundled with i2p, and a few others are available. Unfortunately, you can only use i2p to access i2p torrents. You can help i2p by uploading legally distributable torrents to their trackers.
* If you are using Tor for illegal purposes, we cannot help besides to suggest that you stop doing so.

There's so little known about it from actual documents it's difficult to properly form a legal opinion. We're paying attention to it and offering assistance to other orgs as they try to get more information on it.

A lot of home users, including myself, shut our computers down each night to save electricity and save our computers from overheating or getting burned out too quickly. If I ran Windows, I would also run into software stability problems if I left it up for long, but in my case that isn't the problem.

I would like to contribute to the Tor network, but given that a node has to be up for many days before it starts being well used, I feel like it isn't really worth it.

Apparently i2p is able to handle such a situation. On the first run, an i2p router has to be left up for a number of hours to become "well-integrated", meaning a lot of other i2p clients know about the i2p router and the i2p router knows about a lot of other i2p routers. However, once the i2p router is well-integrated, the other i2p clients will keep it in their database for 24 hours after it goes offline, so as long as you don't leave it offline for more than 24 hours, it will take only a few hours for it to be fully utilised on future runs. Thus, home users who only run i2p routers for some number of hours each day are still able to contribute significantly to the i2p network.

Would it be possible to implement something like this in Tor? I know there are problems with the directory being too large. Maybe the directory could be broken into bite-sized chunks upon request from slower clients.

For the project! Bravissimo...
But some features could be fixed. For example, it's impossible to use One Swarm in Firefox when TOR is running. It's a serious problem to be really anonymous in France (context of security called HADOPI) while sharing files in a friend to friend network.
I'm sure a developer or TOR Project could fix this!

Thx a lot for the last stable version for DEBIAN.
Don't forget you can visit my homepage for detail about HADOPI in France.
Have a nice day.

If you don't, there could be incompatibility problems between you and the rest of the network.

If you do, then it is probably a network problem. There's a great deal of chance in building Tor circuits: some are faster than others. You could reduce the amount of chance, but that would also decrease anonymity.

The best case scenario, if improvements to Tor's speed are successful, is that such things will happen less often, but will still happen.

If you manually edit your torrc, there are EntryNodes and ExitNodes options that you can use to specify which nodes you want to use for your Entry and Exit nodes. *If* Tor is integrated with GeoIP, you can specify by country which nodes you do and do not want to use. You would have to list country codes for all European countries. I don't know how you can control the middle node. I don't remember if this is implemented in the stable version yet or only in the alpha.

I think the feature was mainly intended for people who do not trust the privacy laws of a particular country. For example, if a country implements a data retention law that you think is too severe, you tell Tor not to use nodes in that country as entry or exit nodes.

Instead of $fingerprint you can also specify a 2 letter ISO3166 country code in curly braces (for example {de}),

so....

# A list of nodes to never use when building a circuit.
excludenodes {us},{br},{jp},{ca},{au},{cn}
# A list of nodes to use for the first hop in the circuit.
# ({gb} is the ISO 3166 code for the United Kingdom.)
entrynodes {fr},{gb},{de},{es}
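
A small check for node-list lines like the ones in the comment above, added here as an example and not code from the Tor Project or the commenter: it parses the node-list options, flags brace entries that are not a two-letter code, and reports preferred entries that ExcludeNodes also lists (Tor treats a node in both lists as excluded). The function names and the sample torrc are constructed for illustration, and the check does not verify that a two-letter code is actually assigned in ISO 3166.

```python
import re

# Options that take a comma-separated node list; torrc option names are
# case-insensitive, so keys are compared in lowercase.
NODE_OPTIONS = {"entrynodes", "exitnodes", "excludenodes", "excludeexitnodes"}
COUNTRY = re.compile(r"^\{[a-z]{2}\}$")  # two-letter code in braces, e.g. {de}

def parse_node_lists(torrc_text):
    """Return ({option: [entries]}, [problems]) for the node-list options."""
    lists, problems = {}, []
    for lineno, raw in enumerate(torrc_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        parts = line.split(None, 1)
        if len(parts) < 2 or parts[0].lower() not in NODE_OPTIONS:
            continue
        for tok in (t.strip().lower() for t in parts[1].split(",")):
            if not tok:
                continue
            looks_like_country = "{" in tok or "}" in tok
            if looks_like_country and not COUNTRY.match(tok):
                problems.append(f"line {lineno}: malformed country entry {tok}")
                continue
            # Fingerprints and other entry forms are kept as written, unchecked.
            lists.setdefault(parts[0].lower(), []).append(tok.lstrip("$"))
    return lists, problems

def overridden_by_exclude(lists):
    """Preferred entries that ExcludeNodes also lists, per option."""
    excluded = set(lists.get("excludenodes", []))
    result = {}
    for opt in ("entrynodes", "exitnodes"):
        clash = sorted(set(lists.get(opt, [])) & excluded)
        if clash:
            result[opt] = clash
    return result

# Constructed sample, not taken from the page.
SAMPLE = """\
# avoid these countries everywhere
ExcludeNodes {us},{br},{de}
entrynodes {fr},{gb},{de},{germany}
"""

if __name__ == "__main__":
    lists, problems = parse_node_lists(SAMPLE)
    print(lists)
    print(problems)
    print(overridden_by_exclude(lists))
```
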

This was a thorough, well-thought out and much needed analysis. I enjoyed reading the sections discussing the tradeoffs between latency and throughput.

Since file-sharing is not going away but has clear implications for the performance of the network, it seems pretty straightforward that the network needs to be optimized for lower latency and for the web-browsing type use. Those individuals using the system for file-sharing can still make use of it but will learn to expect slower speeds.

If broadband speeds continue to improve and/or fiber-optic networks to the home become more mainstream around the world, this should help with the throughput issues I would think.

It would be nice to have an overview about the rights, the Do's and the Don'ts a TOR-Relayer must do, to keep him/her safe too against the local government.
Maybe a policy and some documents will help. This will also encourage people to do more voluntary work by hosting an own tor relay server.
best wishes
Tommy,

I think it's OK for what we get for a free service like yours; I believe also your team will be working on it with the best effort. Sharing with thousands of people around the world for better, safer surfing needs a lot of resources. Thanks for your GREAT job! I will use TOR always.

Implementing a function that prevents the occupation or usage of tor and bittorrent programs would be an easy and effective first step. Limiting the use of tor to critical uses would be another (websites, ssl, e-mail). Implementing a more robust system and separating critical needs over non-critical needs and then forcing tor to give a higher priority to those functions.

A small quote from there:
* Tor was not designed to run with bittorrent. By using bittorrent over Tor, you are hurting the Tor network.
* Your downloads will be very slow. (I can confirm, VERY SLOW. And also Tor nodes can ban you so you can't use Tor either for torrents or for other purposes, e.g. browsing)
* Bittorrent clients were not designed to be secure with Tor, and may leak information about you.
* If you are using Tor for censorship evasion, not anonymity, you may have better luck using a client like Azureus / Vuze which supports encryption.

If you want to use anonymous filesharing, I suggest to use:
1) http://en.wikipedia.org/wiki/I2P#BitTorrent - connect to I2P network and start sharing there using I2PSnark
2) Forget about any special networks, either Tor or i2p or any else, - and just use programs that can obfuscate or encrypt your peering connections: http://www.emule-project.net for eDonkey2000 network (I recommend) or Azureus / Vuze for torrents.

It's a pity that tor is slowing down the surfing process. But you need to pay for every good thing. You can't take only pluses, and do not take any of the minuses of a technology http://ampaportalnou.org/

Is there a way to pick and choose which relay you want to use? Using the Vidalia network map? I've gone through the Tor FAQs and played with the program for a while, but I haven't been able to answer that question. I keep getting routed through an overseas relay, and would like to use one near me. Thanks.

Tor seriously sucks. On average it takes ten minutes for me to load one single web page. Then god forbid I want to post something I have to wait another ten minutes. Programs like Jap are okay, but also really slow at times. Ghost Surf is great but you have to pay for it.